Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseGHSA-88rc-3p98-rgvx
GHSA-88rc-3p98-rgvx:
PHP vulnerability analysis and mitigation
Overview
A critical security vulnerability (GHSA-88rc-3p98-rgvx) was identified in Shopware's platform and core packages (shopware/platform and shopware/core) affecting versions 6.3.5.2 and below. The vulnerability was disclosed on April 12, 2021, and involves after order payment process manipulation (GitHub Advisory).
Technical details
The vulnerability is classified as Critical severity and is associated with CWE-668. The issue specifically relates to after order payment process manipulation in the Shopware e-commerce platform (GitHub Advisory).
Impact
The vulnerability allows for after order payment process manipulation, which could potentially affect the integrity of payment transactions in Shopware installations (GitHub Advisory).
Mitigation and workarounds
The vulnerability has been patched in version 6.3.5.3. Users are strongly recommended to update to this version through the Auto-Updater or via the download overview. For older versions (6.1 and 6.2), security measures are available through a dedicated plugin. However, updating to the latest Shopware version is recommended for full functionality (GitHub Advisory).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management